Re: [lamps] WG Last Call for rfc6844bis

Tim Hollebeek <tim.hollebeek@digicert.com> Thu, 11 October 2018 19:25 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Russ Housley <housley@vigilsec.com>, SPASM <spasm@ietf.org>
Date: Thu, 11 Oct 2018 19:25:30 +0000
Message-ID: <BN6PR14MB11063B4401B3C6BEBAF7A68D83E10@BN6PR14MB1106.namprd14.prod.outlook.com>
References: <F72DABEA-234C-4644-914A-81FBCC86D11B@vigilsec.com>
In-Reply-To: <F72DABEA-234C-4644-914A-81FBCC86D11B@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/IVksFpWC83kgH5bFHS_U_uqGxcg>
Subject: Re: [lamps] WG Last Call for rfc6844bis

LAMPS chair hat off; CABF Validation Subcommittee (formerly, Validation
Working Group) hat on.

Recently at the CA/Browser Forum, allowing customers to use CAA to limit
the validation methods that can be used for a domain has been identified
as one of the Forum's highest priorities.  I started a thread on the idea
back in December:

https://mailarchive.ietf.org/arch/msg/spasm/Jse-FslACq3wair2B2_YSwpViNs

While CAs can potentially unilaterally implement this on their own outside 
the Forum with parameters (as in the acme-caa draft), uniformity throughout 
the industry would be desirable.  The Forum also has the ability to mandate 
implementation by a specific date.

This was discussed on this morning's Validation Subcommittee call, and it
was suggested we ask the group if there is interest in including this in
RFC 6844-bis, or whether it would be preferable to handle it as a separate
draft.

-Tim

> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Thursday, October 11, 2018 2:01 PM
> To: SPASM <spasm@ietf.org>
> Subject: [lamps] WG Last Call for rfc6844bis
> 
> This is the LAMPS WG Last Call for "DNS Certification Authority
> Authorization (CAA) Resource Record" <draft-ietf-lamps-rfc6844bis-01>.
> 
> Please review the document and send your comments to the list by 22
> October 2018.
> 
> If no concerns are raised, the document will be forwarded to the IESG with
> a request for publication as Proposed Standard.
> 
> Russ & Tim